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[Headnote] 

ABSTRACT 

Implementing a corporate extranet improves its external communications with customers, suppliers, and collaborators. 
Using an extranet is an effective way of decreasing corporate overhead and increasing revenue, thus increasing business 
profits. This paper explores the evolution of the extranet, its costs and benefits, development issues, and future 
developments. 

INTRODUCTION 

The increasing pressure of business competition forces corporations to optimize their supply chain lines. Business 
process optimization inside an individual company is no longer sufficient to sustain competitive advantages in 
global economy. Corporations need to utilize electronic technology to integrate business processes with suppliers, 
customers, and partners through data sharing and applications blending. This causes corporations to extend their 
intranet accesses to their suppliers, partners and customers. 
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As employees adapt to an intranet environment they are no longer satisfied with the static information. In the 
meantime, an intranet excludes business partners and vendors from accessing it which reduces corporate 
efficiency on information exchange. When information can be freely exchanged within business partners, it helps 
the company grow. The extranet supports the need of inter-organizational communications. 

Using intranets need to concern its security issues in order to protect corporate privacy during information 
transmission. On the other hand, an extranet provides a better service to organizational communications. It is not 
confined to the external service only. A mixture provision of internal as well as external information exchange is 
facilitated through the corporate extranet. 

Building an Internet site needs to recognize the importance of authentication, integrity and access control. While the 
site is used for electronic commerce (EC) via an extranet, three other issues become extremely important: 
confidentiality, non-repudiation and availability. However, an EC site seeks to increase the number of visitors. 

Extranets provide dramatic business advantages to firms that have to work closely with business partners, 
suppliers or customers. Furthermore, it will let companies integrate business processes with partners globally. 
Basically, an extranet is the use of internet/intranet technology to serve an extended enterprise, including defined 
sets of customers, suppliers, or other businesses that share a common goal. An important feature of extranets is 
that they are typically behind firewalls and are closed to the public. 

Extranets are the logical evolution of Electronic Document Interchange (EDI) technology, which has been used for 
many years to connect companies together for supply chain integration. EDI has traditionally used the automated 
exchange of simple, highly structured electronic forms over private networks. Extranets dramatically extend the 
benefits of intercompany integration through the intertwining of EDI with Internet technologies. The Internet is a 
public and global network which is based on the Internet Protocol (IP) and related standards. This technology was 
designed to provide a standard of interconnecting networks so that any system could communicate with any other 
system. Similarly, an advantage of extranets is the use of Internet's open standards, which allows companies 
having different hardware and software to still communicate. 

The definition for extranets is partially driven by intranets as well. An intranet is a private application of the same 
Internet working technology, software, and applications within a private network, for use within an enterprise. 
Hence, extranets have derived their defined set of customers and suppliers from the applications of an intranet. An 
intranet may be entirely disconnected from the Internet, but is usually linked to it and protected from unauthorized 
access by security firewall systems. 

An extranet requires all users to be identified. Hence additional security procedures need to be implemented. An 
extranet's security concerns differ from that of an intranet's, in which the former relies on the Internet to connect 
users. This connection causes an immense risk. If an extranet does allow access to a company's intranet, security 
steps must be take to ensure that it is the only part of the network that extranet users can get into. Othenwise, an 
extranet can be made to sit outside the core of the intranet (2). 

Extranets use firewalls for security and privacy. A firewall protects against connections to the Internet because it 
has the ability to screen messages in both directions. Some extranets can be viewed as an intersection among 
numerous companies. Security can be obtained by ensuring that the transmission lines are privately owned or 
leased by tunneling through the Internet or using the Internet with password identification. In other words, extranets 
and intranets are very similar in nature. They vary in the degree of accessibility and the particular users allowed. 
Intranets have private access and the users are employees of a specific firm. In comparison, extranets are semi- 
private and the users are groups of closely related firms. 

The purpose of an extranet is to provide those firms with competitive advantages by allowing them to share 
resources. Companies that want to have a competitive advantage must be willing to work with their suppliers, 
customers, distributors, and other businesses to reach a common goal. This goal encompasses an increase in 
services, products, and standards well above competitors. An obedient example is companies that use the 
© Federal Express site to keep track of the progress of their shipments. Another example is the financial services 
and banking industry, which allow investors or bank customers to do their transactions on-line. These two examples 
demonstrate how companies, using an extranet, are able to reach a common goal of increased services together. 

This article discusses the current developments and future analyses of the extranet. Pros and cons of extranets, 
benefits and limitations of extranets and development issues of extranets are identified in the later sections. Finally, 
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current and future applications of extranets are analyzed. 
DEVELOPMENT OF THE EXTRANET 
Evolution of the Extranet 

Internet is the most revolutionary technology in data connmunications. Corporations need to put up a security barrier 
(i.e. firewall) around their intranet to keep intruders out. By establishing intranets, companies have gained 
advantages in reduced costs of distributing corporate infomiation. 

The growth of the intranet has directly led to the evolution of the extranet. The extranet allows the company to 
concentrate on information sharing between the corporate entity and business partners whenever communications 
become important. The intranet helped corporations create several web applications, which made infomiation 
dissemination more cost-effective than before. Although these applications were used for internal workgroups, they 
had tremendous possibilities for external usage, for example, product design teams can include their vendors and 
customers for new product design specifications. 

Organizations soon realized that the relationship between internal efficiency and business productivity is not in one- 
toone type and it will ultimately reach to a point of diminishing return. Unless the infomiation technology can be 
used directly to provide customers high quality products and services, its full potential will remain unrealized. 

The boundary of extranet applications is almost infinite. Extranets prompt many companies to relax numerous 
corporate controls, decentralize management stnjctures, alter publishing information policies and redefine business 
partner relationships. Extranets are also used beyond advertising and marketing projects and to participate directly 
in production process. Some enterprises use extranets to monitor their responsiveness to communications (8). The 
chief applications derived from extranets are listed below. 

One-too-marry communications between teams, departments and entire corporations. Documents intended for 
everyone can be posted on the web page to reduce communication and printing costs for the company. 

Applications requiring two-way interaction. This category includes services such as technical help and support. 
Problem-solving infomiation may be posted on the web and web-e-mail may be used to reply to inquiries. 
Employees may also use the links to other corporate databases to complete reports and analyze data, instead of 
relying on printed reports. 

Applications requiring marry-to-marry interactions. Newsgroup members post messages to form a valuable source 
of knowledge for others. Though some information may be confidential, trusted suppliers and customers can be 
allowed to get into the communication chain. 

The definition of an extranet is still evolving. This network links an organization's employees, customers, suppliers 
and other business partners. This link gives rise to three main advantages: 

Extranet makes all the parties mentioned above more productive. 

Extranet makes information much more accessible. 

Extranet makes organization resources search simpler and easier. 

Large companies often use Web-based technologies to strengthen partnerships by establishing encrypted Internet 
transmissions or even dedicated lines. Extranets allow companies to leverage an existing web site (or intranet) 
infrastructure into improved communications with customers, suppliers and collaborators. 

Types of Extranets 

There are three types of extranets: the secured intranet access, the specialized application, and the electronic 
commerce. Each model is discussed below. 



http://proquest.umixom/pqdweb?index=7&did=000000053820276&SrchMode=l& 3/9/04 



Article View 



Page 4 of 13 



The Secured Intranet Access Model. The partners are offered a direct access to the corporate intranet in this 
model. This model is practical for the collaborative partners. For example, if a small company hires an outside 
financial consultant it may allow the financial application to be webenabled and secured. That partner has access 
only to this particular application. This model is suitable for small companies and non-profit organizations. 

The Specialized Application Model. An application is developed for a narrow group of corporate partners in this 
model. The application may be available to the employees over the intranet, but partners would not have access to 
the general intranet from the extranet site. 

The Electronic Commerce Model. This model is applicable for large partner firms. This model may involve EC 
transactions such as order entry. This site contains information such as pricing and announcements. However, the 
R&D projects are not available to general public. 

Extranet Components 

Although there are differences between the three networks, the technology behind the Internet, intranet and 
extranet are the same, The use TCP/IP for both LAN and WAN. They use HTMI and SMTP to move information 
between servers and clients. Regardless of the technology used, extranets will require a large number of 
components. 

The following components may or may not be used depending on how the extranet is implemented. 

Universal TCP/IP deployment Since Internet communication is essentially built on TCP/EP, the corporate LAN must 
have an IP application Installed on all desktops and remote computers. 

Web Browser. The web-browser is the desktop viewer that makes the web-based content readily accessible to all 
authorized users. The browser runs on top of the IP stack and communicates with the server using the industry 
standard such as point-to-point protocol (PPP). 

Web Server. A web server usually runs on Unix or Windows NT. It is generally used for a range of functions 
varying from simple information display to providing secure, encrypted transactions. 

Remote Access Server. A multi-protocol remote access server (capable of supporting all protocols on a LAN) links 
remote users to corporate resources, extranet applications and Intemet access via phone lines. 

Client dial-in software. Remote dial-in client software, which initiates the call, negotiates the connection and 
terminates the connection, should be installed on remote users' PCs. The remote access client should be available 
for differing operating systems because the remote service often involves different computing environments. 

Internet Connection Device. The Internet connection device such as a roofer that connects the corporate site to an 
Internet Service provider (ISP), provides IP and IPX protocol support and IP package-level filtering. 

Leased line Connection. A high volume operation can use dedicated leased lines (as opposed to modems and 
ordinary telephone lines) in a variety of speeds and configurations via a local phone company. 

Firewall Security. Having an extranet means having extra security. Firewalls are used to screen out unwanted 
users. 

PROS AND CONS OF EXTRANETS 

In general, extranets allow their users such as investors, vendors, suppliers, and key customers to use Internet 
technology to access corporate information quickly and easily. This information is protected and not available to the 
general public. An extranet is protected by firewalls. Only those approved individuals can access the extranet by 
using an assigned I.D. and password. The security issue is an extremely important feature of an extranet. People 
accessing a company's extranet can view both operational and strategic infomnation that its competitors would 
benefit from seeing them. Extranets provide a secure platform to transmit this information through the Internet. 
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Pros of Extranets 

An extranet provides the function of information filtering. Extranet users need to know the content that will cross 
their computers. The web model of "pulling" information from another site is one answer to this issue, as the user 
has taken the initiative in detenmining that this particular piece of content merits their attention. But this assumes 
that the user has found the content in the first place. The "push" model has partially addressed this problem 
through the establishment of subject based addressing. A user can subscribe to subjects of interest to them, and 
subsequently receive any item that falls into this topic. 

Another key advantage of using an extranet is its speed of data transmission. People visit a corporate extranet for 
searching infonnation. A faster infomriation communication will allow companies to gain competitive advantage in 
business environment. Extranets are capable of transmitting real time data to appropriate sites at the user's 
request. 

Extranets can handle data such as computer aided design (CAD) files, purchase orders, design specs, and 
payment instructions. Companies gain a number of benefits by aligning needed computer systems. First, all team 
members can access their newsgroups to share valuable experiences and ideas. Second, an extranet can align 
groupware in which multiple corporations can collaborate in developing new products or services. Third, an extranet 
can help synchronize project management and control for companies that are part of a common work project. The 
topic of efficiency also ties in with just-in-time (J1T) management (10). An extranet can aid the use of JTT to speed 
up the transmission of real time data, and therefore increase efficiency. 

Corporations have already realized the following extranet benefits: 

Savings on paper usage when an extranet is used to post documentation that was printed. 

Savings on communication costs such as voice calls, video training, and video conferencing. 

Savings on travel costs when corporations bring in agents for training and in-person meetings. 

Savings incurred if a company that used to outsource EDI services instead offered electronic payment via the 
extranet. 

Time saving is a major portion of the intangible benefit derived from extranets, though it is very difficult to measure. 
Time saved should be calculated after the extranet has operated awhile. Some of the chief areas in which time 
saving can be realized are: 

Vendor-related projects speed up functions at the purchasing department. 

First tier and second tier savings. For example, the savings experienced both by the primary user of the extranet as 
well as the assistant who would have aided the primary user in completing the task. 

Time saved by programmers in setting up the extranet versus time required in developing client/server applications 
that perfomn similar tasks of the extranet. 

Some industries will have higher return on investment (ROI) for extranet projects than others because these 
industries cater to customers differently, A graph can be drawn for each company based on its customer base, with 
needs of the customers on one axis and their relative importance to the company on another. Once this is done, a 
company can develop an extranet that will have the best ROI. For example, if customers are much more important 
than a supplier is in a company, then they can tailor their extranet for the customers only. 

Cons of Extranets 

Developing an extranet can be a costly project. A company needs to conduct a lengthy study to determine their 
current status and needs. After reaching to its determination of implementing an extranet, they need to consider 
certain management concerns. 
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T , management must identify the kind of information to be shared because the nature of an extranet is to share 
information among corporate partners. It could be a problem if the management had no previous experience on 
corporate resource sharing. The more capability of infomriation sharing it creates, the less control will be on what is 
being shared. 

Technology dissimilarity is another issue. Selecting certain networking technologies may exclude some business 
partners who do not use the compatible software or hardware. For example, web sites that force users to run Java 
applets might ups those partners who have banned Java from their intranets. Any computer system has the risk of 
system crashes or delays. The extranet may lose business when the system is unavailable or crashed. 

The decision of building an extranet is ultimately detemnined by individual company. Companies must verify how an 
extranet will benefit their key business functions. Some limitations confining the development of the extranet are 
discussed below. 

The development cost is high. Organizations try to minimize extranet developing costs; it has been known that it will 
cost as much as $100,000 to develop the site as well as $10,000 per month to maintain it. 

An extranet needs a constant feeding and maintenance on a 24 hours a day and seven days a week basis. One 
way to keep this kind of commitment is to outsource the extranet. 

It is difficult to persuade senior members in the organization to adopt the new technology. They have to spend time 
and money to increase awareness within the corporation (7). 

DEVELOPMENT ISSUES 

New Standards 

Though there are several existing standards, several corporations are working together to create the new 
"standards." The main standards are listed below. 

* Open Buying on the Internet (OBI). The OBI specification is intended to be used for high volume, low dollar goods 
and services as opposed to the e-commerce model standard that focuses on low-volume goods regardless of the 
price. 

* IP Security Protocol (IPSec). This specification is for virtual private tunneling. Though not yet complete, it may 
become important for extranets. 

* Light Weight arectory Access Protocol (LDAP). It is essentially a series of intelligent directory control features 
(16). 

Security 

Security options have to be determined based on sensitivity of the data. The ability to access the private network 
from the Internet and vice versa is valuable to a company. A direct connection between a corporate network and 
the Internet implants a security risk. 

The six goals of computer security required for an extranet are listed as follow. 

1. Confidentiality. Verifying that the information is private and accessed only by intended recipients. 

2. Authentication. Identifying an individual computer to ensure that the party attempting to access should be listed 
on the user list. 

3. Non-repudiation. Ensuring that people cannot deny their electronic actions. 

4. Integrity. Verifying that infomiation sent is the one received. 
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5. Access Control. Verifying that the resources are under the exclusive control of authorized parties. 

6. Availability. Ensuring that downtime is not created by security related issues. 

Each of these goals has their own set of tools and protocols. Many of the protocols achieve one or more of these 
goals. An extranet security plan is only a part of the overall security plan that includes detailed policy making, 
different layers of security, and auditing of the security systems. Each goal is further discussed next. 

Confidentiality and Authentication 

1. A security protocol can be used to ensure confidentiality and authentication. Netscape's Secure Sockets Layer 
(SSL) is the mainstream of current extranet security. SSL is an industry standard that makes use of cryptography, 
particularly public key technology (2). SSL uses this technology to provide three basic services: 

* It establishes a private connection. 

* It allows the identity of both sides to be authenticated with digital signatures using asymmetric cryptography such 
as Rivest-Shamir-Adleman (RSA) or Digital Signature Standard. 

* It creates a reliable connection. 

2. A new technology known as Secure Electronics Transactions (SET) may be used. SET details how bankcard 
transactions on networks can be secured with encryption technology. (SET is developed by © IBM . GTE, Microsoft 
© MasterCard and ©Visa, etc.) 

3. Virtual Secure Private network (VSPN) allows business partners, who each have intranets, to send secure 
communications to each other over the Internet. This is the best method to achieve the first two security goals. 
VSPNs use a combination of routing technology, encryption technology and tunneling to achieve their goal. VSPNs 
are expensive to set up, A less expensive and simpler way to set up such a network is to use a protocol known as 
Point-to-Point Tunneling Protocol (PPTP). 

Authentication and Non-repudiation 

Once authentication is absolute it achieves nonrepudiation. Authentication can occur in a number of ways such as 
password and login names at the server-level, timestamped passwords and certificates, etc. A number of ways of 
achieving non-repudiation and authentication are identified as follow. 

Session Identifications: These are not very secure but they prevent people from accessing the extranet from just 
knowing the URL. 



* Smart Cards: Smart cards help create one-time passwords and are much tougher to be cracked than session 
IDs. 

* Kerebros: This system is useful only when all the workstations, servers and computers within the company 
rimning the Kerebros software. This software blocks all intruders from accessing network resources. 

* Certificates: The X.509 certificate pins the most support for authentication and it is most useful for thwarting 
hackers who are in the middle and communicating between the two parties at either end. 

* Digital Signatures: Digital Signatures are different from Certificates and they provide the most solid way to achieve 
non-repudiation by allowing a document to be stamped in such a way that only the owner of a certificate can use it. 

Integrity is an extension of non-repudiation. The tools used to create interactive web applications (such as Java, 
Perl, etc.) that conceive this security concern by raising the question that whether any of these applications are safe 
to use. If the applications are digitally signed (Digitally Signed Software) it will ensure a measure of integrity. This 
process is still in an experimental stage. 
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Access Control 

While preventing extranet documents from being seen by the wrong parties, it is important to prevent the server 
itself from being tampered with. This means that the only designated individuals can upload infonmation. delete 
information, change access privileges, and so on. 

Availability 

Extranets must be available to customers and suppliers at all times because a tremendous amount of potential 
business tests on them. Back-ups must be maintained and kept safe. The other area of concern when ensuring 
availability is to keep the extranet safe from vinjses or Trojan horses. Trojan horses (viruses) appear as normal 
programs but when run damage a computer, its data and hard disk. 

Another fomri of virus known as 'womns" is designed to attack a network by replicating themselves. They attack the 
networked computers or the network itself. Viruses can also be transmitted via hostile Java applets. Whenever a 
Java applet is run on a computer, the downloaded executable program on the server may contain the virus. Though 
Java is made secure all the time, the potential for infection does exist. To combat such threats against the intranet, 
antiviral software and eradication software can be used to delete these viruses (6). 

Costs 

Returns on the intranet have been estimated to reach 1000%, based on research done by Internet Data Corp. 
(IDC). Payback periods range from six weeks to three months. Such high returns are feasible because of the low 
cost and easy creation of a web site. Not enough studies have been done on extranets. Though extranet costs will 
be high because of the security issues involved, the estimated returns are expected to be not much less than IDC's 
estimation. 

Major costs involved in developing an extranet follow: 

Acquisition costs. These are the basic costs to establish an extranet, including web-specific hardware (servers and 
peripherals), communication hardware (routers), leased lines, Intemet access and software (operating systems, 
database management, utilities and graphics packages). 

Content management costs. These costs are hard to estimate but include costs in keeping the content current, 
designing web presentations, building hyperlinks and keeping them current and active. 

Human resource costs. Once the extranet becomes a running application and grows, the company may have to 
employ some dedicated people to run and manage it. These costs include those incurred in administering and 
managing the site, creating applications and plug-ins, developing applications to link legacy systems, learning new 
technology and training (2). 

Role of Electronic Data Interchange (EDI) 

Larger corporations (to be hubs) generally demand EDI compliance from their smaller suppliers (to be spokes). A 
similar trend is seen on the extranet. The advantage with the extranet is that the hubs are able to provide a cheaper 
and more uniform way for the spokes to access their internal databases and to exchange transactions. The biggest 
difference between the EDI access to databases and the e-commerce access to extranets is that the latter enables 
sharing of data and knowledge, whereas using EDI to access the extranet yields much of the same data as before. 
Therefore, EDI has to be integrated with collaborative tools (such as Lotus Domino) to extend its reach to data and 
knowledge (11). 

APPLICATIONS AND FUTURE IMPLICATIONS 

Extranets can be used to run a variety of applications, including order processing, joint projects, customer service 
and support, electronic mail, full access, and so on. 

The above applications can be understood better if the extranet is considered in terms of the services it provides. It 
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provides two basic kinds of services: user services and network services. They are discussed below. 

1 . User services include: 

Infomnation sharing and management: Extranets can be used to publish the latest product information. Everyone 
who has access rights may see the information, and it is easy to update. The documents can be indexed and 
managed from a central location, no matter how dispersed the audience. 

Communication and Collaboration: E-mail and discussion groups enable this service. It makes it possible for a 
customer to look up a sales representative and contact him/her via E-mail. Online addresses also aid this extranet 
feature. 

Navigation: Customers looking for specific information may locate all necessary documents relating to the subject 
matter by running a query. Customers can also be alerted to new information available on any particular product. 

Access to Applications: The extranet is a true Client/ Server system. For example, a customer can run applications 
that display on-line catalogs, check prices and place orders without the presence of the seller. 

2. Network services include: 

Directories: Directories can be used to track and manage information about the people who use the network. It 
includes access control, server operation and configuration, and resources needed by particular applications. 

Replication: Replication: Replication maximizes the network's efficiency by distributing information (such as a 
company's catalog) to multiple locations along the network, so that the local customers at corporate branch sites 
can readily access this infomnation at higher speed. 

Security: Extranets can be used to protect resources against unauthorized access, encrypt communication, and 
authenticate communication to verify sender's identity, and verify the information received. 

Management: A single administrator can easily manage all the servers on the extranet using tools such as Simple 
Network Management Protocol (SNMP). 

Extranets create a new opportunity for gaining competitive advantages. Extranets are being deployed by 
businesses to collect and distribute critical infomnation globally. For example, the health care industry is developing 
some secure extranet systems for linking hospitals and insurance organizations. These systems will allow patient 
records to be shared in a rapid and cost effective manner. Biotechnology fimns start using extranets to collect field 
study outcomes from thousands of patients around the world to decrease telecommunication costs. 

Insurance firms use extranets to link them to clients' databases, which enables electronic forms processing and 
online sign-ups. These systems reduce papenwork and decrease turnaround time for claims processing. Similarly, 
financial sen/ices companies increase responsiveness and profitability by securely exchanging documents through 
extranets. 

Manufacturing and transportation industry leaders use extranets to communicate with customers and suppliers. The 
automobile industry, for example, adopts extranet technology to exchange CAD files, inventory management 
requests, and EDI messages, and expects to save billions of dollars from their efforts. Computer and technology 
manufacturers like © Cisco and QPell provide electronic product configuration and ordering functionality to their 
customers through extranets. 

Retail stores use extranets to link their suppliers and to connect franchisees to the corporate office. Corporations 
are turning to extranets to reduce the exorbitant costs of private networks and legacy EDI networks. 

Digital media professionals have extranet technology to exchange files and access production online. Digital type, 
3D animation, and digital video composition have revolutionized the graphics, printing and file production industries. 
They use proprietary modems and ISDN networks to transfer files between companies. As the capabilities and 
quality of the Internet increase, extranet solutions will make a big impact on this industry. 
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Cases of Corporate Extranets 

©Charles Schwab . © Charles Schwab , an investment firm, invests approximately $250 billion worth of assets for 
four million active customers. Schwab's top 5000 investment managers have an easy time checking their 
investments through SchwabLink Web, the first Java-based extranet (4, 5). 

Schwab's investment managers had interests of making complex online changes to their account status, such as 
percents of holdings that reflect the current market fluctuations. These demands made Schwab adopt object- 
oriented technology. These objects can be used to organize complex business rules that govern investors' 
transactions. In addition, the design team made the object-oriented program CORBA compliant. This programming 
standard made developers to quickly call up objects and to change business rules. 

Another new feature of Schwab's SchwabLink Web is "user recognition," which is made possible by its Internet 
Inter ORB Protocol (BOP) compliance. This user recognition allows different investment managers to have access 
to different data and trade applications. Each individual user can have a network profile, which identifies individual 
data rights. 

SchwabLink Web sits on Sun servers. Investors can access the system from a normal desktop PC on the network. 
Benefits of this design include real-time information and "push" technology that will push updates to the server over 
the web. 

American Express Corporation. American Express Corporation has been working on a new development of 
extranet communications. American Express Corporation intended to allow customers to check their 401 K- 
retirement plan information (1), but worried about that technology could scare their customers away. Since their 
point and click query system required some knowledge about data structures, they decided to go with a natural 
language system. This system allows users to enter questions in simple English. In addition, if the software doesn't 
recognize what the user is asking, it will suggest different wording to help find an answer. 

Currently, about 60 customers are using this new extranet. Although some users who had already mastered the 
standard query software found the new system slow, new users appear to love the natural English system. 

It should be noted that American Express is not the only company to go with the natural language querying. 
© Microsoft Corporation has also built the query language into its Enterprise Edition of its SQL Server database. 

The Future of the Extranet 

The future of the extranet can be characterized as the following (3). 

Blurring of networks boundaries. With the widespread adoption of the extranet, the line between corporate networks 
will blur. Networks will become task and workgroup oriented, rather than company oriented. This will lead to an 
improvement both in the functionality of the network as well as perfomnance. 

Shifting of IS Tools. A shift in IS tools to manage this new shared network will be required. Traditional management 
tools will be extended into Internet-dedicated devices. Security. Organizations will have a greater level of 
confidence in using the Internet for WAN-like networks, extranets, and intranets, and using the next version of IP 
protocol. 

Agents. Agents will automate many of the networking tasks that are generally performed manually today. For 
example, conducting research on Internet-published information will no longer be a matter of using several search 
engines and then surfing for a list of responses. New agents will be able to perform those tasks, present the 
findings and then customize the search results to the users needs. Agents will also be able to perfomn backend 
tasks such as compiling reports from multiple web sites that use live, backend databases. 

Uniform Style Guidelines far Web Sites. For example, nonfiction books use the table of contents and index 
regularly. Likewise, web-content providers will adopt such uniform customs, which further increase the efficiency of 
"agents." The "site-map" (which is a hierarchical tree chart of the site) is an example of this and enables users to 
navigate with vision. 
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Universal User Interface of the Browser. Rather than the operating system, the browser will become the point of 
contact for users. The browser will interpret whether the device is connected locally, through the physical network 
or through an IP network. 

Video. Increased bandwidth and improvements in video technology will increase its use on the networks. 

More Efficient Internet Backbone. Businesses can improve the performance of the Internet by adopting new routing 
and more efficient protocols and preventing Internet outages. 

RHI Consulting in Menio Park, California, surveyed major chief information officers (ClOs) in U.S. corporations, and 
82% of them agreed that the popularity of extranets will increase over the next three years. Also, more than half 
(i.e. 66%) of ClOs responded that they are either have an intranet in place (in 23%) or plan to develop one (in 43%) 
during the next three years (15). 

Active Media (a research fimri in Petersborough, NIA revealed that in a study of 3500 companies that have 
intranets, 20% had opened their corporate intranet to external customers by spring of 1997 (8). By year 2000, 
spending on extranet and intranet technology would have increased tenfold (from 1996 level) to about $1.1 billion. 
These growth rates are contingent upon improvements in security measures, as per research done by Tower 
Group (9). 

Netscape describes the future of extranet (14): 

But even though it is a young technology, Internet commerce is rapidly approaching a more mature and complex 
stage. In the future, the Internet will become even more integrated into our lives and our everyday business 
transactions: an integrated Web of businesses, consumers, commerce partners, suppliers, and services. As part of 
online commerce, we will see the formation of "extranets: " services, products, and activities located outside the 
security firewall of the corporation. These extranets will allow consumers and business contacts to interact with an 
organization's structure - - to collaborate, publish, communicate, and provide services - - without compromising an 
organization's security. 

Netscape is already moving to the next step: "embedded extranet." An embedded extranet would enable 
transparent retrieval of information between business partners. An embedded extranet is a corporate Web site that 
queries a second company's database and transparently delivers results. The embedded extranet is a strategic 
advantage because it eliminates a step for the user. Extranet experts agreed that embedded extranet applications 
could prove big, but they questioned whether Netscape holds any strategic advantage. ©Cisco Connection 
Online's extranet is one of the first such applications. © Cisco , a network giant, is saving a tremendous amount of 
cost in the area of order entry because of their embedded extranet. However, adoption of such systems has been 
slow. That could be because there are no standard application programming interfaces (APIs) for applications that 
use TCP/IP to manage that kind of data exchange. Without standard API, each embedded extranet application 
must be developed individually. 

Another new extranet technology was developed at Protegrity (13), a small company based in Stamford, 
Connecticut. Protegrity has developed a software package called Protegrity Data Element Wrapper (PDEW). The 
main function of PDEW is to protect each piece of data rather than its entire database, so data encryption can 
follow each piece of data. Protegrity claims that their wrapper can protect data from internal and external thieves, 
protects against viruses, is simple for non-technical managers to operate, and approaches security as a business 
function. 

New Oak Communications recently released their new NOC 4000 Extranet-access switch (12). This hardware 
platform was targeted at virtual private networks, and can enable network managers to create the customized 
profiles in a tree fomnat for various extranet users. Brad Baldwin (director of remote access at International Data 
Corporation) indicated, "It (NOC 4000) is a very complete piece of hardware that includes security and 
management." 

SUCCESS FACTORS 

Many companies may want to jump into this new technology. However, not all companies may be suited to deploy 
extranets. The types of companies that would benefit from this technology include the following: 
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* Companies that already have a web site and they want to extend it as a 24 hours a day/7 days a week customer 
service tool. 

* Companies that have an intranet to communicate within employees and they want to share information with 
customers and partners. 

* Companies that use EDI 

* Companies that function in such industries where it is beneficial to project a technology-sawy image to their 
customers (16). 

* Flatter organizations as opposed to hierarchical rigid organizations (8). 

To guarantee a secure corporate extranet, a company should resolve the following issues: establishing a corporate 
security policy, having periodic security checks, setting rules for granting access to the system, and installing 
firewalls. These are the critical success factors for building a safe extranet. 

A corporate security policy outlines how users access corporate systems, what information is attainable, 
authentication procedures, encryption issues, and auditing procedures. The corporate policy should be abided in 
order to guarantee the security of the extranet. 

The second aspect of the security requires a periodic security check. Using these checks allows for detecting 
security weaknesses and/or system intrusion. These checks can be accomplished by a network administrator or by 
an automated security scanning software. 

An extranet system should be designed to allow access for particular users and employees in a controlled manner. 
This security issue should be a task of the systems administrator or of the internal auditors. 

The most important component of an extranet is its firewall. Firewalls are available in several types. Firewalls range 
from a simple packet filter to an application-level firewall. When building an extranet, the key issue is to separate a 
company's intranet firewall from the firewall of its extranet system. The issue of separating firewalls stems from the 
use of different applications. In such cases, new applications should be loaded onto each firewall to enable data 
exchange over the system. 

The next issue is extranet management. This can be a difficult task because several employees may have access 
to their own intranet and also want their own information to be posted on the extranet. 

The way to guarantee a secure extranet is to allow all accesses through a single gateway and that is periodically 
monitored. This gateway should be separated from the main firewall of a corporate intranet. The safer way to build 
the extranet system is to place a set of servers outside corporate firewall for users to access the extranet. This is 
known as a "De-Militarized Zone" (DMZ). 

The DMZ uses a se of servers that are designed particularly as extranet servers. These servers can be Web and 
application servers that allow certain extranet users to access specific information. The servers have tracking and 
monitoring capabilities to detect weaknesses and intruders. After the DMZ is placed on the system, the company 
must manage the exclusive information that partners may access through the extranet. 

CONCLUSION 

An extranet is used to bring businesses together by simplifying its exchange of information and optimizing its 
processes. Extranets are a use of Internet/intranet technology to create new opportunities for companies. Extranets 
are similar to an intranet, and therefore, it is similar to the Internet by having open standards. With this in mind, we 
need to recognize the concerns on system security and management. 

A proactive approach Is required to implement an extranet. Extranet users of participating organizations must 
actively be Involved in the process. Consensus on a common goal is important. Infonnation should be maintained, 
but not duplicated, by all the participating organizations. A corporate extranet committee may be established to 
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make the system maintenance more cohesive. A proper planning process could minimize system failures. 



As is seen, extranets can provide tremendous advantages to a corporation if it is deployed accurately. Hence, 
corporations who want to profit from this technology should consider the issues discussed in this paper before 
embarking on such a commitment. 
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